Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fighting Google Redirect


  • Please log in to reply

#1
Damn Microsoft

Damn Microsoft

    New Member

  • Member
  • Pip
  • 1 posts
I am fighting with google redirect. Malware bytes, spybot, hijack find nothing. Just let me know what is needed as I have followed all the steps mentioned in the malware forum. Help!?

ComboFix 09-11-23.06 - Tinker 11/24/2009 15:28.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1123 [GMT -6:00]
Running from: c:\documents and settings\Tinker\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 17:48 . 2009-11-24 17:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-24 17:48 . 2009-11-24 17:48 152576 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 17:47 . 2009-11-24 17:47 79488 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 17:44 . 2008-07-14 11:09 205560 ----a-w- c:\windows\UNBOC.EXE
2009-11-24 17:44 . 2008-07-14 11:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2009-11-23 15:27 . 2009-11-23 15:27 -------- d-----w- c:\documents and settings\Tinker\Local Settings\Application Data\MyPorts
2009-11-16 00:07 . 2009-11-21 20:19 -------- d-----w- c:\program files\MyDefrag v4.2.6
2009-11-15 22:35 . 2009-11-15 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-15 22:35 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 22:35 . 2009-11-15 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 22:35 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 19:42 . 2009-11-12 19:42 -------- d-----w- c:\program files\Avanquest update
2009-11-12 05:45 . 2009-11-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-12 05:44 . 2009-11-12 05:44 -------- d-----w- c:\program files\Common Files\iS3
2009-11-12 05:44 . 2009-11-12 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-11 18:45 . 2009-11-11 18:45 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-11 18:45 . 2009-11-11 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\Tinker\Application Data\Malwarebytes
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 20:05 . 2009-11-08 20:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 20:04 . 2009-11-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\Tinker\Application Data\Uniblue
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 17:58 . 2006-01-15 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 17:57 . 2009-01-06 16:17 -------- d-----w- c:\program files\CCleaner
2009-11-24 17:49 . 2004-05-12 14:24 -------- d-----w- c:\program files\Java
2009-11-24 14:59 . 2007-10-16 20:18 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-24 00:25 . 2009-09-08 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 00:00 . 2009-04-10 13:16 -------- d-----w- c:\documents and settings\Tinker\Application Data\uTorrent
2009-11-23 02:30 . 2009-06-14 23:44 -------- d-----w- c:\documents and settings\Tinker\Application Data\Any Video Converter
2009-11-15 22:08 . 2008-10-11 22:24 -------- d-----w- c:\program files\Motorola
2009-11-15 04:46 . 2009-03-27 13:49 117760 -c--a-w- c:\documents and settings\Tinker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-15 04:44 . 2009-07-12 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-15 04:43 . 2006-01-04 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 05:02 . 2008-10-11 21:46 -------- d-----w- c:\program files\Motorola Phone Tools
2009-11-13 05:02 . 2004-05-13 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 05:01 . 2008-10-03 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-11-12 21:50 . 2008-10-11 21:50 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-11-12 15:38 . 2008-04-19 01:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 15:26 . 2009-11-12 15:26 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-10 15:36 . 2004-05-12 15:08 73720 -c--a-w- c:\documents and settings\Tinker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 12:55 . 2008-02-21 23:56 -------- d-----w- c:\program files\Palm
2009-10-27 12:52 . 2006-12-30 00:47 -------- d-----w- c:\program files\dvdSanta
2009-10-08 20:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:06 . 2007-10-22 15:34 1715 ----a-w- c:\documents and settings\Tinker\Application Data\SAS7_000.DAT
2009-09-25 05:37 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 487d68a;487d68a;c:\windows\system32\drivers\487d68a.sys --> c:\windows\system32\drivers\487d68a.sys [?]
S1 SASKUTIL;SASKUTIL;\??\g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys --> g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/15/2009 4:35 PM 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Tinker\Application Data\Mozilla\Firefox\Profiles\dlxjobct.default\
FF - prefs.js: browser.search.selectedEngine - AltaVista
FF - prefs.js: browser.startup.homepage - hxxp://www.gpcom.com/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:5d,91,57,42,70,a0,53,46,f4,5f,25,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 15:33
ComboFix-quarantined-files.txt 2009-11-24 21:32
ComboFix2.txt 2009-11-24 20:53
ComboFix3.txt 2009-11-24 20:33

Pre-Run: 87,464,525,824 bytes free
Post-Run: 87,448,231,936 bytes free

Current=6 Default=6 Failed=1 LastKnownGood=3 Sets=1,2,3,6
- - End Of File - - ECFD28BBE42F5CAC85E240C04A41F4D6



MBAM REPORT

Malwarebytes' Anti-Malware 1.41
Database version: 3224
Windows 5.1.2600 Service Pack 3

11/24/2009 5:13:36 PM
mbam-log-2009-11-24 (17-13-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158612
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Damn Microsoft, 25 November 2009 - 11:22 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP